Community discussions

MikroTik App
 
darc
just joined
Topic Author
Posts: 6
Joined: Thu Nov 30, 2023 10:51 am

EoIP tunnel not comunicating

Thu Nov 30, 2023 11:04 am

Greetings,
I have a problem with an eoip connection between two mikrotik routerboards (R1 routerOS 6.47.4, R2 routerOS 6.49.8)

I want to reach from router R2 a host that is connected to R1.
From R1 I can reach R2 hosts but not the opposite.

Below are the configurations:


R1:
/interface eoip
add local-address=(public R1 IP) mac-address=02:CE:5C:21:13:4B name=\
    eoip-xxx remote-address=(public r2 ip) tunnel-id=10101

/ip address
add address=172.16.250.1/30 interface=eoip-xxx network=\
    172.16.250.0
    
/ip route
add comment="Route for R2" distance=1 dst-address=192.168.118.0/24 \
    gateway=172.16.250.2



R2:
/interface eoip
add local-address=(R2 PUBLIC IP) mac-address=02:0E:51:E0:B8:89 name=\
    eoip-xxxx remote-address=(R1 PUBLIC IP) tunnel-id=10101
    
/ip address
add address=172.16.250.2/30 interface=eoip-xxx network=\
    172.16.250.0

/ip route
add comment="Route for R1" distance=1 dst-address=192.168.114.0/24 \
    gateway=172.16.250.1    
Last edited by darc on Fri Dec 01, 2023 10:09 am, edited 1 time in total.
 
LdB
Member Candidate
Member Candidate
Posts: 141
Joined: Thu May 20, 2021 4:23 pm

Re: EoIP tunnel not comunicating

Thu Nov 30, 2023 5:46 pm

Your problem is obvious ... this is wrong
/ip route
add comment="Route for R1" distance=1 dst-address=192.168.118.0/24 \
    gateway=172.16.250.1 
As you can ping from R1 to R2 we know that the 192.168.118.0/24 network and machines are on Router 2
So why the hell are you sending 192.168.118.0/24 traffic back to router 1

What needs to go back to router 1 is the source network on router 1 you are pinging from.
So lets say router 1 network is 192.168.117.0/24 that is the traffic you need to send back and it would be
/ip route
add comment="Route for R1" distance=1 dst-address=192.168.117.0/24 \
    gateway=172.16.250.1 
If you are trying to do something funky like use the same network on both routers you will need to split the network into two /25
So something like router one with 192.168.118.0/25 and router two with 192.168.118.128/25
 
darc
just joined
Topic Author
Posts: 6
Joined: Thu Nov 30, 2023 10:51 am

Re: EoIP tunnel not comunicating

Fri Dec 01, 2023 10:09 am

Sorry, tunnel from r1 to r2 has 192.168.118.0/24 and tunnel from r2 to r1 has 192.168.114.0/24.
I got confused when I wrote the post.
 
darc
just joined
Topic Author
Posts: 6
Joined: Thu Nov 30, 2023 10:51 am

Re: EoIP tunnel not comunicating

Fri Dec 01, 2023 12:43 pm

These are the confs:

R1
/interface eoip
add local-address=(public R1 IP) mac-address=02:CE:5C:21:13:4B name=\
    eoip-xxx remote-address=(public r2 ip) tunnel-id=10101

/ip address
add address=172.16.250.1/30 interface=eoip-xxx network=\
    172.16.250.0
    
/ip route
add comment="Route for R2" distance=1 dst-address=192.168.118.0/24 \
    gateway=172.16.250.2

R2
/interface eoip
add local-address=(R2 PUBLIC IP) mac-address=02:0E:51:E0:B8:89 name=\
    eoip-xxxx remote-address=(R1 PUBLIC IP) tunnel-id=10101
    
/ip address
add address=172.16.250.2/30 interface=eoip-xxx network=\
    172.16.250.0

/ip route
add comment="Route for R1" distance=1 dst-address=192.168.114.0/24 \
    gateway=172.16.250.1  
 
LdB
Member Candidate
Member Candidate
Posts: 141
Joined: Thu May 20, 2021 4:23 pm

Re: EoIP tunnel not comunicating

Fri Dec 01, 2023 2:21 pm

That will work unless there is a firewall on the device you are trying to ping or R2 is not the gateway of R2 network.

So confirm
1.) you can ping the R1 network device from another device on the R1 network
2.) R2 has the gateway of the 192.168.118.0/24 network (normally 192.168.118.1) and you don't actually have a 3rd router you failed to mention which is the gateway to 192.168.118.0/24 (likely 192.168.118.1 and R2 has some other IP in the network)

If you have a 3rd gateway router you need a static route on it as well and we need the gateway IP and the R2 IP in the network.
 
darc
just joined
Topic Author
Posts: 6
Joined: Thu Nov 30, 2023 10:51 am

Re: EoIP tunnel not comunicating

Fri Dec 01, 2023 2:49 pm

I confirm that i can ping every R1 network device from 192.168.114.150 (ex. i got reply to 192.168.114.151)
and r2 has 192.168.118.254 as gateway. There isn't a 3rd router with same IPs
 
LdB
Member Candidate
Member Candidate
Posts: 141
Joined: Thu May 20, 2021 4:23 pm

Re: EoIP tunnel not comunicating

Sat Dec 02, 2023 3:29 pm

so on R2 what happens when you do this

ping 192.168.114.150 src-address=192.168.118.254
 
darc
just joined
Topic Author
Posts: 6
Joined: Thu Nov 30, 2023 10:51 am

Re: EoIP tunnel not comunicating

Sat Dec 02, 2023 4:07 pm

Image
 
LdB
Member Candidate
Member Candidate
Posts: 141
Joined: Thu May 20, 2021 4:23 pm

Re: EoIP tunnel not comunicating

Sun Dec 03, 2023 12:48 pm

So problem is not on the routers we keep coming back to R2 network and the .254 still makes me suspicious.

Goto a machine on R2 network and print out the routes
On a windows machine on terminal screen
route print
If we don't get something like below then we slap you :-)
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.118.254     192.168.1.xxx     35
I am thinking that we are going to find a 192.168.118.1 gateway.
 
darc
just joined
Topic Author
Posts: 6
Joined: Thu Nov 30, 2023 10:51 am

Re: EoIP tunnel not comunicating

Sun Dec 03, 2023 2:37 pm

That's what i got (i've done it on a linux server 'cause i haven't any windows pc in network
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.118.254 0.0.0.0         UG        0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
192.168.118.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
 
LdB
Member Candidate
Member Candidate
Posts: 141
Joined: Thu May 20, 2021 4:23 pm

Re: EoIP tunnel not comunicating

Mon Dec 04, 2023 6:38 am

Your linux machine firewall has to be blocking ping responses from 192.168.114.0/24 because that is correct and will work. Really no other option you must have something like ufw running and forgot to allow ping responses thru.

You already proved above that anything from 192.168.118.254 is working and the first route rule definitely sends the ping traffic to that gateway AKA it should work. The problem therefore has to be on the linux box itself.

Who is online

Users browsing this forum: No registered users and 28 guests